Friday, November 2, 2012

exploit-exercises Nebula: level14

level14 of Nebula wargame says that we have a binary that takes input from standard input and outputs an encryption. Our goal is to decrypt the token file.
level14@nebula:~$ cat ../flag14/token 
857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW.
Playing a bit with the binary, we see that the "encryption" is just encoding the input by incrementing characters one-by-one with a value that starts at 0 and is increased by 1 each time.
level14@nebula:~$ echo -n "aaaaaaaaaaaaa" | ../flag14/flag14 -e
abcdefghijklm
Taking this into account, decrypting the content of token becomes trivial. A simple python script for the task.
level14@nebula:~$ cat dec.py 
import sys
result = ""
pos = 0
with open(sys.argv[1], "r") as f:
    for c in f.read()[:-1]:
        result += chr(ord(c) - pos)
        pos += 1
print result
level14@nebula:~$ python dec.py ../flag14/token
8457c118-887c-4e40-a5a6-33a25353165
We login into flag14 and getflag!
flag14@nebula:~$ getflag
You have successfully executed getflag on a target account

No comments:

Post a Comment